<?php $custom_css = array('settings.scss'); $custom_js = array('highlight.js'); require_once 'init.php'; $app->page->title = 'Settings - 2 Step Authentication'; require_once 'header.php'; $tab = '2-step'; include 'elements/tabs_settings.php'; require 'vendor/gauth.php'; $ga = new gauth(); $st = $app->db->prepare('SELECT g_auth, g_secret FROM users WHERE user_id = :uid'); $st->execute(array(':uid' => $app->user->uid)); $step = $st->fetch(); ?> <h1>2 Step Authentication</h1> <p>2-Step Authentication adds an extra layer of security to your HackThis Account, drastically reducing the chances of having your account stolen. To break into an account with 2-Step Authentication, bad guys would not only have to know your username and password, they'd also have to get hold of your phone.</p> <h2>Google Authenticator</h2> <p>Google Authenticator is a product developed by Google which allows the user to make use of <a href="http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a>.<br />When enabled, you will be asked for a code from your Google Authenticator app on your mobile device when logging into HackThis. It is available for <a href="https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8">Apple</a> and <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB">Android</a> devices.</p> <?php if ($step->g_auth != 1 && !isset($_GET['google'])) { ?> <p><a href="?google=1">Enable Google Authenticator</a></p> <?php } else { if (!isset($_GET['google'])) { $qrCodeUrl = $ga->getQRCodeGoogleUrl($app->user->username, $step->g_secret, 'HackThis!!'); ?>
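/**
 * Completes a login that is waiting on the Google Authenticator (TOTP) step.
 *
 * The password step is expected to have parked the pending user's id in
 * $_SESSION['g_auth']. A verified code clears that marker and creates the
 * real session; a failed code also clears it, so the user has to redo the
 * password step before another code can be tried.
 *
 * @param string   $authCode code entered from the authenticator app
 * @param int|null $uid      user being verified; defaults to $_SESSION['g_auth']
 * @return bool true when the code verified and the session was created
 */
public function googleAuth($authCode, $uid = null) {
    if (!$uid) {
        // avoid an undefined-index notice when nothing is pending
        $uid = isset($_SESSION['g_auth']) ? $_SESSION['g_auth'] : null;
    }

    $secret = null;
    if ($uid) {
        // setup Google Auth class; require_once so a second call in the same
        // request does not redeclare the class
        require_once 'vendor/gauth.php';

        $st = $this->app->db->prepare('SELECT g_secret FROM users WHERE user_id = :uid');
        $st->execute(array(':uid' => $uid));
        $row = $st->fetch();
        // fetch() returns false when there is no such user; an empty secret
        // means 2-step was never set up, so there is nothing valid to verify
        // against and the code must be rejected rather than passed to gauth
        if ($row !== false && !empty($row->g_secret)) {
            $secret = $row->g_secret;
        }
    }

    // verify Google code; 2 = 2*30sec clock tolerance
    // NOTE(review): no attempt throttling is visible in this method — confirm
    // the caller rate-limits this step
    $checkResult = false;
    if ($secret !== null) {
        $ga = new gauth();
        $checkResult = $ga->verifyCode($secret, $authCode, 2);
    }

    // the pending marker is consumed whichever way the check went
    unset($_SESSION['g_auth']);

    if ($checkResult) {
        $this->uid = $uid;
        $this->loggedIn = true;

        // Setup GA event
        $this->app->ssga->set_event('user', 'login', 'GAuth', $this->uid);
        $this->app->ssga->send();

        $this->createSession();
        return true;
    }

    // $this is the user object; the original wrote $app->user->... here,
    // but $app is not defined inside this method
    $this->loggedIn = false;
    $this->g_auth = false;
    $this->login_error = 'Incorrect Authenticator code';
    return false;
}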